The Rise of Flaw Remediation: What ALC_FLR’s Growth Reveals About CC Certifications, and What Vendors Need to Know to Claim It. (C21b)
On the Common Criteria Portal, flaw remediation is claimed in nearly half of all Security Targets, and has an approximate 80% increase in claims between 2021 and 2025, but what does it take to claim it? This talk draws on an analysis of published Security Targets to explore what flaw remediation adoption patterns reveal about the shifting expectations in the Common Criteria landscape, and the practical considerations vendors need to understand across levels of ALC_FLR before committing to flaw remediation in their next evaluation. The emerging ALC_PAM patch management assurance class and its relationship to flaw remediation is also discussed.